Writing a Bootloader

Osanda Malith Jayathissa
Jan 30 · 6 min read

What is a Bootloader?

A bootloader is a special program that is executed each time a bootable device is initialized by the computer during its power on or reset that will load the kernel image into the memory. This application is very close to hardware and to the architecture of the CPU. All x86 PCs boot in Real Mode. In this mode, you have only 16-bit instructions. Our bootloader runs in Real Mode and our bootloader is a 16-bit program.

How this works?

When you switch on the PC the BIOS wants to boot up an OS that must be found somewhere in hard disks, floppy disk, CDs, etc. The order in which BIOS searches an OS is user configurable. Next, the BIOS reads the first 512-byte sector of the bootable disk. Usually, a sector is 512 bytes in size. This is known as the Master Boot Record (MBR). BIOS simply loads the contents of the MBR into memory location “0x7c00” and jumps to that location to start executing whatever code is in the MBR. Our bootloader should be 512 bytes in size as well.

Code440 bytesDisk signature4 bytesNull2 byte partition tables64 bytes MBR signature2 bytesTotal512 bytes

The boot process is:

  • Turn on your PC and BIOS executes
  • The BIOS seeks the MBR in boot order which is user configurable.
  • The BIOS loads a 512-byte boot sector into memory location “0x7c00” from the specified media and begins executing it.
  • Those 512 bytes then go on to load the OS itself or a more complex bootloader.

BIOS Interrupts

These interrupts help OS and application invoke the facilities of the BIOS. This is loaded before the bootloader and it is very helpful in communicating with the I/O. Since we don’t have OS-level interrupts this is the only option that would be helpful.

For example to print a character to the screen using BIOS interrupt calls.

This is a simple boot loader written in AT&T syntax.

/* 
Disk description table, to make it a valid floppy
FAT12 file system format
*/
jmp _start
.byte 144 #NOP
.ascii “OsandaOS” #OEMLabel
.word 512 #BytesPerSector
.byte 1 #SectorsPerCluster
.word 1 #ReservedForBoot
.byte 2 #NumberOfFats
.word 224 #RootDirEntries (224 * 32 = 7168 = 14 sectors to read)
.word 2880 #LogicalSectors
.byte 0xf0 #MediumByte
.word 9 #SectorsPerFat
.word 18 #SectorsPerTrack
.word 2 #Sides
.long 0 #HiddenSectors
.byte 0 #LargeSectors
.byte 0 #DriveNo
.byte 0x29 #Signature (41 for Floppy)
.long 0x12345678 #VolumeID
.ascii “My First OS” #VolumeLabel
.ascii “FAT12 “ #FileSystem
_start:
movw $0, %ax
movw %ax, %ss
movw %ax, %ds
movw %ax, %es
movw $string, %si
loop:
movb $0xe, %ah
movb (%si), %al
cmpb $0, %al
je done
int $0x10
addw $1, %si
jmp loop
done:
jmp done #infinite loop
string:
.ascii “Welcome to @OsandaMalith’s First OS :)”
.byte 0
.fill 0x1fe — (. — main) ,1,0 #Pad remainder of boot sector with 0s
.word 0xaa55 #The standard PC boot signature

https://github.com/OsandaMalith/bootloader/blob/master/loader.S
Assemble and link the code. I have explicitly specified to load the text section to load at 0x7c00 and it will calculate the absolute addressing.

ld -m elf_i386 loader.o --oformat=binary -o loader.bin  -Ttext 0x7c00

The same in NASM using Intel syntax.

BITS 16jmp short _start ; Jump past disk description section
nop

; Disk description table, to make it a valid floppy
OEMLabel db “OsandaOS” ; Disk label
BytesPerSector dw 512 ; Bytes per sector
SectorsPerCluster db 1 ; Sectors per cluster
ReservedForBoot dw 1 ; Reserved sectors for boot record
NumberOfFats db 2 ; Number of copies of the FAT
RootDirEntries dw 224
LogicalSectors dw 2880 ; Number of logical sectors
MediumByte db 0F0h ; Medium descriptor byte
SectorsPerFat dw 9 ; Sectors per FAT
SectorsPerTrack dw 18 ; Sectors per track (36/cylinder)
Sides dw 2 ; Number of sides/heads
HiddenSectors dd 0 ; Number of hidden sectors
LargeSectors dd 0 ; Number of LBA sectors
DriveNo dw 0 ; Drive No: 0
Signature db 41 ; Drive signature: 41 for floppy
VolumeID dd 12345678h ; Volume ID: any number
VolumeLabel db “My First OS”; Volume Label: any 11 chars
FileSystem db “FAT12 “ ; File system type: don’t change!
_start:
mov ax, 07C0h ; move 0x7c00 into ax
mov ds, ax ; set data segment to where we’re loaded
mov si, string ; Put string position into SI
call print_string ; Call our string-printing routine
jmp $ ; infinite loop!string db “Welcome to @OsandaMalith’s First OS :)”, 0
print_string:
mov ah, 0Eh ; int 10h ‘print char’ function
.loop:
lodsb ; load string byte to al
cmp al, 0 ; cmp al with 0
je .done ; if char is zero, ret
int 10h ; else, print
jmp .loop
.done:
ret
times 510-($-$$) db 0 ; Pad remainder of boot sector with 0s
dw 0xAA55 ; The standard PC boot signature

https://github.com/OsandaMalith/bootloader/blob/master/loader.nasm
Assemble the file using binary as the format.

If you use the file utility you will see that it’s a legit 1.4MB floppy Disk and a 32-bit boot sector.

If you open our bootloader in a hex editor you will see our 512 size program and in the end there should be our boot signature 0xaa55.

After that convert the binary file to a floppy image.

You can also convert the binary file to an ISO using tools such as UltraISO, etc. You may burn and try in your PC instead of emulating.
Use Qemu to test our newly created bootloader 🙂

You can develop something like this 🙂

Bootloader In C

We can use inline assembly using C to write a simple bootloader. I’ll be showing a simple example to print “Hello”.

https://github.com/OsandaMalith/bootloader/blob/master/loader.c
This will be the linker script specified in the linker as “test.ld”

https://github.com/OsandaMalith/bootloader/blob/master/test.ld
After that compile using GCC and we generate only an object file and manually link using the linker specifying our linker script.

After that boot our image using Qemu 🙂

Using BIOS interrupts you can write nice programs to the boot sector of your PC 🙂

References

http://duartes.org/gustavo/blog/post/how-computers-boot-up/
http://wiki.osdev.org
http://mikeos.sourceforge.net/
https://en.wikipedia.org/wiki/BIOS_interrupt_call


InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Osanda Malith Jayathissa

Written by

Security Researcher — https://osandamalith.com ☕ Support me by buying me a Coffee 💖— https://buymeacoff.ee/osandamalith

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade